const express = require('express');
const router = express.Router();
const AuthService = require('../../services/auth');

// 管理员登录
router.post('/login', async (req, res) => {
  try {
    const { username, password } = req.body;
    const result = await AuthService.login(username, password);
    
    // 检查用户角色
    if (result.user.role !== 'admin') {
      return res.status(403).json({
        code: 1,
        message: '无权限访问管理后台'
      });
    }
    
    res.json({
      code: 0,
      data: result
    });
  } catch (error) {
    res.status(400).json({
      code: 1,
      message: error.message
    });
  }
});

// 获取当前管理员信息
router.get('/current', async (req, res) => {
  try {
    const user = await User.findById(req.user.id).select('-password');
    
    if (!user) {
      return res.status(404).json({
        code:500,
        message: '用户不存在'
      });
    }

    res.json({
      success: true,
      data: user
    });
  } catch (error) {
    res.status(500).json({
      code:500,
      message: error.message
    });
  }
});

module.exports = router; 